[−][src]Struct google_compute1::Policy
Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A Policy
consists of a list of bindings
. A binding
binds a list of members
to a role
, where the members can be user accounts, Google groups, Google domains, and service accounts. A role
is a named list of permissions defined by IAM.
JSON Example
{ "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com" ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] }
YAML Example
bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-other-app@appspot.gserviceaccount.com role: roles/owner - members: - user:sean@example.com role: roles/viewer
For a description of IAM and its features, see the IAM developer's guide.
Activities
This type is used in activities, which are methods you may call on this type or where this type is involved in. The list links the activity name, along with information about where it is used (one of request and response).
- set iam policy disks (response)
- set iam policy resource policies (response)
- set iam policy images (response)
- get iam policy reservations (response)
- get iam policy instance templates (response)
- get iam policy snapshots (response)
- set iam policy subnetworks (response)
- set iam policy node templates (response)
- get iam policy resource policies (response)
- set iam policy instances (response)
- get iam policy instances (response)
- set iam policy snapshots (response)
- get iam policy node groups (response)
- set iam policy instance templates (response)
- get iam policy licenses (response)
- get iam policy subnetworks (response)
- set iam policy licenses (response)
- get iam policy images (response)
- set iam policy reservations (response)
- get iam policy disks (response)
- set iam policy node groups (response)
- get iam policy node templates (response)
Fields
audit_configs: Option<Vec<AuditConfig>>
Specifies cloud audit logging configuration for this policy.
version: Option<i32>
Deprecated.
etag: Option<String>
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag
is returned in the response to getIamPolicy
, and systems are expected to put that etag in the request to setIamPolicy
to ensure that their change will be applied to the same version of the policy.
If no etag
is provided in the call to setIamPolicy
, then the existing policy is overwritten blindly.
rules: Option<Vec<Rule>>
If more than one rule is specified, the rules are applied in the following manner: - All matching LOG rules are always applied. - If any DENY/DENY_WITH_LOG rule matches, permission is denied. Logging will be applied if one or more matching rule requires logging. - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is granted. Logging will be applied if one or more matching rule requires logging. - Otherwise, if no rule applies, permission is denied.
bindings: Option<Vec<Binding>>
Associates a list of members
to a role
. bindings
with no members will result in an error.
iam_owned: Option<bool>
Trait Implementations
impl ResponseResult for Policy
[src]
impl Default for Policy
[src]
impl Clone for Policy
[src]
fn clone(&self) -> Policy
[src]
fn clone_from(&mut self, source: &Self)
1.0.0[src]
Performs copy-assignment from source
. Read more
impl Debug for Policy
[src]
impl Serialize for Policy
[src]
fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error> where
__S: Serializer,
[src]
__S: Serializer,
impl<'de> Deserialize<'de> for Policy
[src]
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
[src]
__D: Deserializer<'de>,
Auto Trait Implementations
impl Send for Policy
impl Unpin for Policy
impl Sync for Policy
impl UnwindSafe for Policy
impl RefUnwindSafe for Policy
Blanket Implementations
impl<T> ToOwned for T where
T: Clone,
[src]
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
fn to_owned(&self) -> T
[src]
fn clone_into(&self, target: &mut T)
[src]
impl<T> From<T> for T
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Typeable for T where
T: Any,
T: Any,
impl<T> DeserializeOwned for T where
T: Deserialize<'de>,
[src]
T: Deserialize<'de>,